I struggle a lot on this one: I need to install two Microsoft Office 365’s Exchange Online accounts on macOS 10.14.5 Mojave for use with Apple Mail application.
One account is an account in common for several Mac, I don’t need variables here ; the second one is the device owner's account.
I’ve tried the following with both Profile Manager and Profile Creator with the same results.
I create a profile with two Exchange (EWS for Mac) payloads, one with fixed values, the other one with variables (I get those at enrollment time against Azure Active Directory).
I then upload the custom profile to Meraki SM, it pushes fine on devices.
I check it in the Profile preferences pane, the values are correct, so the variables went through without issue.
But… nothing happens. No account shows in Internet Accounts, none in Apple Mail. Tested a freshly installed virtual machine, same on my own computer none of which are DEP enrolled.
Where I am totally lost is that if I manually install the profile locally with a double click, it seems to work OK, it asks for input of optional values and, of course, the variables I can’t provide.
So has anyone successfully done this and what am I doing wrong?
Thanks a lot for your time.
hanging in here in addition to my original thread
I'm also trying to get this run. Had the same issue as you on Mojave. But now I even can't get the profile installed. Meraki answers with Error:71 "Payload needs to be in a user profile".
According to Apple docs https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf <PayloadScope> is optional and per default User scoped.
Have you figured out how to get this run?
This is my .mobilconfig, as you can see very simple. (feel free to use it, just add your own identifiers)
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>EmailAddress</key> <string>$OWNERMAIL</string> <key>PayloadDisplayName</key> <string>Exchange</string> <key>PayloadIdentifier</key> <string>com.company.macos.exchange.XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.com.apple.ews.account.XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string> <key>PayloadOrganization</key> <string></string> <key>PayloadType</key> <string>com.apple.ews.account</string> <key>PayloadUUID</key> <string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string> <key>PayloadVersion</key> <integer>1</integer> <key>UserName</key> <string>$OWNERUSERNAME</string> </dict> </array> <key>PayloadDisplayName</key> <string>EWS_macOS</string> <key>PayloadIdentifier</key> <string>com.company.macos.exchange.XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string> <key>PayloadOrganization</key> <string>Organization Name</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>
No success on getting it run. Always the same issue as detailed above.
Just wondering, why my old profile got installed a few months ago. Now I even can't install the old profile too.
Lately I’ve been running into issues with Meraki alike yours, like profiles/apps that wouldn’t get pushed.
I opened many cases with support, and during investigation, with no mitigation process involved, everything got back to normal.
Unsure if it’s related to the current issue you’re facing.
I've opened a case about this bug, maybe do it as well and let them link your case to mine 🙂
I'll try also to contact our Meraki representative, since this was a killer feature in the last two competitions when trying to sell Meraki vs other MDM solutions.
One thing is the bug detected and discussed here, the other thing, it seems not to be a high prio on the development road. No one made a response to my first thread and the feature firstly had been announced on the WWDC18. A native support by Meraki would be nice, but in first we need a solution for the bug here.
Due to covid things took a bit longer and support is still investigating.
First the developers meant, the behavior is as expected. After I could prove that this isn't true and provided some logs, the devs are investigating again.
Got an update from support
"I've just been informed and confirmed that there is a new field in the Mac custom profiles called Deploy Channel with the option of Device or User. They are still making additional improvements but this should allow you to deploy your Profile."
@grldP-NS do you see this option already in the custom profile interface?
Could you try deploying the profile on a test device.
Following configs worked for me
Deploy the profile by using user tags for the scope. Owner (in SM) and logged in user should be the same. The user should be actively logged in on the device.
The point that still fails -> Variables are not recognized properly
Last reply from support.
„Yes the screen being locked could interfere with the profile deployment. Also if a user was not logged into the device there would be no user channel to deploy the profile to.“
We deployed the profile on two devices with success